Yahoo breach shows fast-food mentality of digital data is a problem

FOSTER CITY, Calif. — It’s a classic trade-off in our modern world: convenience vs. security. As a product or service designer, do I make something easy to use, or do I ensure data privacy and security, even at the cost of a few extra steps or a few more seconds?

While there have been, and continue to be, healthy debates on the topic, it’s clear today that, in most cases, convenience trumps security. The fear of “creating friction” in a process, or during the use of a product, has somehow become the mantra that guides how these types of design decisions are made.

But let’s be honest. What the victory of convenience really means is that when it comes to many technology-driven interactions, most of us have become lazy and impatient. We’ve reached a point of both comfort and complacency with our technology. Basically, we don’t want unnecessary steps blocking access to what we really want to do.

The outcry over the introduction of chip-and-pin credit cards is a simple, but classic example. The extra 15 seconds it initially took (now typically down to 5 seconds or less) for these transactions caused all kinds of public outcry about the hassles of the new technology, despite the fact that the new cards are significantly more secure than the simple magnetic strip cards we’re used to.

I hate to say it, but it’s the fast food mentality of digital data access: quick, fast and easy, but with little to no consideration about what the implications of this approach will bring.

The recently discovered massive data breach at Yahoo, however, should make all of us, as well as the designers of the products and services we use, give pause and reconsider how we think about the manner with which we approach our digital devices and services.

Just to put the Yahoo data loss into context, it’s essentially as if every single man, woman and child in the US and roughly half of Western Europe (or just under 40% of the population of China) had at least a portion of their identity stolen. It’s frankly hard to really comprehend.

To make matters worse, the actions were supposedly driven by another nation-state. In an era of potential cyberwarfare, that could mean being able to individually target each of the hacked account individuals’ digital assets. Though it may not lead to physical injuries, the amount of chaos that could be created if large numbers of people couldn’t get access to their money, make purchases, or reliably use any of the services upon which they now rely could be massive.

To be clear, the Yahoo breach itself doesn’t appear to be a direct result of policies that favored convenience over security. However, the ability to leverage the stolen data across many other digital services most certainly is. The convenience-focused environment in which we, and all our digital devices and services, exist has encouraged the reuse of simple passwords (not intentionally, but because we can only remember so may passwords). It’s also helped create many other lax security procedures that have led us to the precarious situation we now find ourselves in.

Part of the problem is that we haven’t really collectively recognized the value and importance of our digital assets and digital identities. They all seem to come so quickly and easily, that we don’t assign much worth to them. But the truth is, we need to start thinking about our digital security at an equal if not even higher level than our physical security. Like it or not, our digital identities have become some of our most precious assets, and we need to think about and secure them accordingly.

Despite this, there is, of course, a limit to how difficult or time consuming we can make any digital access process. Just as there is limited value in installing six different locks on your front door, so too are there limits in how many factors of authentication—or means of digitally identifying yourself—that can be put in place. Plus, there is work around biometric authentication, such as fingerprint readers, iris scanners and other related technologies that use the unique physical aspects of our bodies, that are starting to deliver better security in a relatively fast way. In addition, industry standards like FIDO are helping create methods for sharing these digital credentials across different services. Ideally, these new capabilities will give us both security and convenience.

Ultimately, though, it’s time we reset our priorities on the importance of security over convenience. The brief happiness that may occur from fast access needs to be replaced by a more lasting sense of serenity knowing that our digital identities are safe and secure.

USA TODAY columnist Bob O'Donnell is the president and chief analyst of TECHnalysis Research, a market research and consulting firm that provides strategic consulting and market research services to the technology industry and professional financial community. His clients are major technology firms including Microsoft, HP, Dell, and Qualcomm. You can follow him on Twitter @bobodtech.


To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment